qubes-doc/configuration/config-files.md

105 lines
3.9 KiB
Markdown
Raw Normal View History

2014-03-27 16:10:39 +00:00
---
2015-04-10 20:17:45 +00:00
layout: doc
title: Config Files
permalink: /doc/config-files/
2015-09-22 09:02:22 +00:00
redirect_from:
- /en/doc/config-files/
- /doc/ConfigFiles/
2015-09-22 09:02:22 +00:00
- "/doc/UserDoc/ConfigFiles/"
- "/wiki/UserDoc/ConfigFiles/"
2014-03-27 16:10:39 +00:00
---
Configuration Files
===================
Qubes-specific VM config files
------------------------------
2014-03-27 16:10:39 +00:00
2018-02-13 13:03:21 +00:00
These files are placed in /rw, which survives a VM restart.
That way, they can be used to customize a single VM instead of all VMs based on the same template.
2016-07-20 20:26:17 +08:00
The scripts here all run as root.
2014-03-27 16:10:39 +00:00
2018-03-10 00:58:43 +00:00
- `/rw/config/rc.local` - script runs at VM startup.
Good place to change some service settings, replace config files with its copy stored in /rw/config, etc.
Example usage:
2014-03-27 16:10:39 +00:00
~~~
2014-03-27 16:10:39 +00:00
# Store bluetooth keys in /rw to keep them across VM restarts
rm -rf /var/lib/bluetooth
ln -s /rw/config/var-lib-bluetooth /var/lib/bluetooth
~~~
2014-03-27 16:10:39 +00:00
2018-02-13 13:13:24 +00:00
- `/rw/config/qubes-ip-change-hook` - script runs in NetVM after every external IP change and on "hardware" link status change.
2016-07-20 20:26:17 +08:00
- (R4.0 only) in ProxyVMs (or AppVMs with `qubes-firewall` service enabled), scripts placed in the following directories will be executed in the listed order followed by `qubes-firewall-user-script` after each firewall update.
2018-03-10 00:58:43 +00:00
Good place to write own custom firewall rules.
~~~
/etc/qubes/qubes-firewall.d
/rw/config/qubes-firewall.d
/rw/config/qubes-firewall-user-script
~~~
- (R3.2 only) `/rw/config/qubes-firewall-user-script` - script runs in ProxyVM (or AppVM with `qubes-firewall` service enabled) after each firewall update.
2018-02-13 13:03:21 +00:00
Good place to write own custom firewall rules.
2018-02-13 13:03:21 +00:00
- `/rw/config/suspend-module-blacklist` - list of modules (one per line) to be unloaded before system goes to sleep.
The file is used only in a VM with PCI devices attached.
2018-02-13 13:13:24 +00:00
Intended for use with problematic device drivers.
2014-03-27 16:10:39 +00:00
Note that scripts need to be executable (chmod +x) to be used.
2018-02-13 13:03:21 +00:00
Also, take a look at [bind-dirs](/doc/bind-dirs) for instructions on how to easily modify arbitrary system files in an AppVM and have those changes persist.
GUI and audio configuration in dom0
-----------------------------------
2018-02-13 13:03:21 +00:00
The GUI configuration file `/etc/qubes/guid.conf` in one of a few not managed by qubes-prefs or the Qubes Manager tool.
Sample config (included in default installation):
~~~
# Sample configuration file for Qubes GUI daemon
# For syntax go http://www.hyperrealm.com/libconfig/libconfig_manual.html
global: {
# default values
#allow_fullscreen = false;
#allow_utf8_titles = false;
#secure_copy_sequence = "Ctrl-Shift-c";
#secure_paste_sequence = "Ctrl-Shift-v";
#windows_count_limit = 500;
#audio_low_latency = false;
};
# most of setting can be set per-VM basis
VM: {
work: {
#allow_utf8_titles = true;
};
video-vm: {
#allow_fullscreen = true;
};
};
~~~
Currently supported settings:
2018-02-13 13:03:21 +00:00
- `allow_fullscreen` - allow VM to request its windows to go fullscreen (without any colorful frame).
2018-02-13 13:03:21 +00:00
**Note:** Regardless of this setting, you can always put a window into fullscreen mode in Xfce4 using the trusted window manager by right-clicking on a window's title bar and selecting "Fullscreen".
This functionality should still be considered safe, since a VM window still can't voluntarily enter fullscreen mode.
The user must select this option from the trusted window manager in dom0.
To exit fullscreen mode from here, press `alt` + `space` to bring up the title bar menu again, then select "Leave Fullscreen".
2018-02-13 13:03:21 +00:00
- `allow_utf8_titles` - allow the use of UTF-8 in window titles; otherwise, non-ASCII characters are replaced by an underscore.
2018-02-13 13:03:21 +00:00
- `secure_copy_sequence` and `secure_paste_sequence` - key sequences used to trigger secure copy and paste.
2018-02-13 13:03:21 +00:00
- `windows_count_limit` - limit on concurrent windows.
2018-02-13 13:03:21 +00:00
- `audio_low_latency` - force low-latency audio mode (about 40ms compared to 200-500ms by default).
Note that this will cause much higher CPU usage in dom0.